Affected versions: CentOS Stream 10

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Browsers fall back to HTTP/1.1 or fail TLS with cipher errors.

Environment & Reproduction

Old ssl_ciphers list missing TLS 1.3 ciphersuites required by HTTP/2.

nginx -v
nginx -T 2>/dev/null | grep -E 'ssl_protocols|ssl_ciphers'

Root Cause Analysis

HTTP/2 mandates modern ciphers; legacy lists drop the connection.

Quick Triage

Probe the server with openssl s_client to see the negotiated cipher.

openssl s_client -alpn h2 -servername example.com -connect example.com:443 </dev/null 2>/dev/null | grep -E 'ALPN|Cipher is'

Step-by-Step Diagnosis

Identify config drift in ssl_protocols/ssl_ciphers.

grep -RE 'ssl_protocols|ssl_ciphers' /etc/nginx/conf.d/

Solution – Primary Fix

Update to a modern TLS profile and reload.

sed -i.bak 's/ssl_protocols .*/ssl_protocols TLSv1.2 TLSv1.3;/' /etc/nginx/conf.d/site.conf
nginx -t && systemctl reload nginx

Solution – Alternative Approaches

Use Mozilla intermediate profile snippets.

curl -fsSL https://ssl-config.mozilla.org/ffdhe4096.txt -o /etc/nginx/ffdhe4096.pem

Verification & Acceptance Criteria

ALPN selects h2 and Lighthouse shows HTTP/2.

curl -sIv --http2 https://example.com 2>&1 | grep -i 'using HTTP'

Rollback Plan

Restore the original site config.

cp /etc/nginx/conf.d/site.conf.bak /etc/nginx/conf.d/site.conf && nginx -s reload

Prevention & Hardening

Track TLS config with a linter in CI.

sslscan example.com:443
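
A minimal CI check for the ssl_protocols/ssl_ciphers drift diagnosed above, as an added example that is not part of the original page. The function name lint_tls_conf, the weak-token pattern and both sample configs are constructed for illustration; the check reads only directives written out in the config and does not cover nginx defaults or TLS 1.3 ciphersuite settings.

```shell
#!/bin/sh
# Added example: lint nginx TLS directives read on stdin, for instance
#   nginx -T 2>/dev/null | lint_tls_conf
# Prints one finding per line; returns 1 if anything is flagged, else 0.
lint_tls_conf() {
    awk '
    { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }   # drop comments and trailing ";"
    $1 == "ssl_protocols" {
        seen = 1; modern = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "TLSv1.2" || $i == "TLSv1.3") modern = 1
            else { printf "line %d: legacy protocol %s\n", NR, $i; bad = 1 }
        }
        if (!modern) { printf "line %d: no TLSv1.2/TLSv1.3 enabled\n", NR; bad = 1 }
    }
    $1 == "ssl_ciphers" {
        list = $2; gsub(/[\042\047]/, "", list)   # strip optional quotes
        n = split(list, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!-]/) continue          # "!X" and "-X" remove ciphers
            if (c[i] ~ /RC4|3DES|DES-CBC|MD5|NULL|EXP/) {
                printf "line %d: weak cipher token %s\n", NR, c[i]; bad = 1
            }
        }
    }
    END {
        if (!seen) { print "no ssl_protocols directive found"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample configs (not from the original page).
LEGACY_CONF='server {
    listen 443 ssl;
    http2 on;
    ssl_protocols TLSv1 TLSv1.1;
    ssl_ciphers RC4-SHA:DES-CBC3-SHA:HIGH:!aNULL;
}'
MODERN_CONF='server {
    listen 443 ssl;
    http2 on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5;
}'

printf '%s\n' "$LEGACY_CONF" | lint_tls_conf || echo "legacy config: FAIL"
printf '%s\n' "$MODERN_CONF" | lint_tls_conf && echo "modern config: OK"
```

Line numbers in the findings are positions in the stream fed to the function, so with nginx -T output they refer to the concatenated dump rather than to an individual file.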

Related Errors & Cross-Refs

ALPN mismatch, handshake failed, HTTP/1.1 fallback.

References & Further Reading

Mozilla TLS configurator, nginx ssl docs.
